New Reaper Malware Variant Targets macOS Users Using Fake Domains to Steal Credentials and Deploy Persistent Backdoors


271/69 Wednesday, May 20, 2026

Cybersecurity researchers from SentinelLABS have discovered a new macOS infostealer known as Reaper. According to the report, the malware evades detection mechanisms and the latest security protections in macOS Tahoe 26.4. The threat is particularly concerning because Reaper not only steals passwords and cryptocurrency assets but also deploys a persistent backdoor that gives attackers long-term remote access to compromised systems, potentially leading to significant organizational data loss.

The attack chain begins with fake software download websites impersonating popular applications such as WeChat or Miro. Attackers use typo-squatted domains resembling legitimate services, such as “mlcrosoft.co.com,” where a lowercase “l” stands in for the “i” in “microsoft,” to deceive victims. Once users visit the malicious site, embedded scripts collect system information before prompting victims to launch the macOS Script Editor application and execute hidden malicious scripts. The malware then displays fake system alerts designed to closely imitate legitimate macOS System Preferences windows, including deceptive error messages and prompts asking users to enter their device password to “update settings.” If the victim enters the password, the malware steals data from web browsers, password managers, cryptocurrency wallets, and sensitive documents stored on the system and exfiltrates it to attacker-controlled servers. Researchers also found that Reaper creates hidden directories disguised as Google Software Update components to maintain persistent backdoor access, and that the backdoor checks in with command-and-control infrastructure every 60 seconds.

To reduce the risk of compromise, users and administrators are advised to carefully verify software sources and avoid downloading applications from untrusted websites or suspicious links. One important warning sign is any website attempting to force the automatic launch of macOS Script Editor; users who encounter this unexpectedly should close it immediately. Organizations should also strengthen monitoring for abnormal network activity, in particular hosts contacting the same domain at a fixed interval, hunt for hidden directories posing as Google Software Update components (and for any launch agents or daemons that reference them), and regularly review macOS security configurations to better detect increasingly evasive and adaptive malware threats targeting Apple devices.
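As an added example (not code from SentinelLABS, Hackread or the Reaper malware itself), the following Python script implements two of the checks that follow from the behaviour described above: it flags source hosts that contact the same domain at a near-fixed interval, such as the 60-second check-in, and it flags hostname labels that are one character away from a well-known brand, such as mlcrosoft.co.com. The proxy log format, the host names, the brand list, the five-hit minimum and the 10% jitter threshold are assumptions, and the log lines are constructed.

```python
"""Hunt proxy logs for fixed-interval beaconing and look-alike domains.

Added example for this article; not SentinelLABS, Hackread or Reaper code.
The 60-second check-in and the mlcrosoft.co.com domain come from the article;
the log format, thresholds and brand list are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one request per line: "<ISO timestamp> <src host> <dest domain>".
SAMPLE_LOG = """\
2026-05-20T09:00:00 mac-17 update.example-cdn.net
2026-05-20T09:00:04 mac-17 mlcrosoft.co.com
2026-05-20T09:00:31 mac-17 api.slack.com
2026-05-20T09:01:04 mac-17 mlcrosoft.co.com
2026-05-20T09:01:50 mac-17 api.slack.com
2026-05-20T09:02:05 mac-17 mlcrosoft.co.com
2026-05-20T09:03:04 mac-17 mlcrosoft.co.com
2026-05-20T09:03:12 mac-17 api.slack.com
2026-05-20T09:04:05 mac-17 mlcrosoft.co.com
2026-05-20T09:05:04 mac-17 mlcrosoft.co.com
"""

# Brands whose names are worth protecting against typo-squatting (assumed list).
BRANDS = ("microsoft", "google", "apple", "wechat", "miro")


def parse_log(text):
    """Group request timestamps by (source host, destination domain)."""
    events = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        events[(src, dst.lower())].append(datetime.fromisoformat(ts))
    return events


def find_beacons(events, min_hits=5, max_jitter=0.10):
    """Return (src, dst, mean_interval_seconds) for pairs whose inter-request
    gaps are regular: coefficient of variation (stdev / mean) <= max_jitter.
    A real implant may add random sleep, so keep max_jitter generous."""
    hits = []
    for (src, dst), stamps in events.items():
        if len(stamps) < min_hits:
            continue
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(domain, brands=BRANDS):
    """Return the brand a hostname label imitates (one edit away), else None.
    Every label is checked, not only the registrable domain, because the
    look-alike may sit under a shared parent such as co.com."""
    for label in domain.lower().split("."):
        if len(label) < 5:  # skip short labels like "api", "com", "co"
            continue
        for brand in brands:
            if label != brand and levenshtein(label, brand) == 1:
                return brand
    return None


def hunt(text):
    """Return one finding per (src, dst) pair that beacons or imitates a brand."""
    events = parse_log(text)
    beacon = {(s, d): i for s, d, i in find_beacons(events)}
    findings = []
    for src, dst in sorted(events):
        brand = lookalike_brand(dst)
        interval = beacon.get((src, dst))
        if brand or interval:
            findings.append({"src": src, "dst": dst,
                             "beacon_interval_s": interval, "lookalike_of": brand})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

On the constructed log only mlcrosoft.co.com is reported, with a 60-second interval and "microsoft" as the imitated brand; the three Slack requests fall below the hit minimum and the CDN host is seen once. In production, feed the same functions from the proxy or DNS logs you already collect, add an allowlist for legitimate periodic traffic (update checks, telemetry), and treat the edit-distance check as a coarse first pass rather than a replacement for a public-suffix-aware domain reputation feed.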

Source https://hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/